Fix issue with Nginx not recognizing the SCEP client certificate (#105)

Co-authored-by: Pahansith <pahansith@entgra.io>
Reviewed-on: community/device-mgt-core#105
Co-authored-by: Pahansith Gunathilake <pahansith@entgra.io>
Co-committed-by: Pahansith Gunathilake <pahansith@entgra.io>
master
Pahansith Gunathilake 2 years ago committed by Pahansith
parent dfe957b019
commit d34adaae96

@ -97,10 +97,7 @@ import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.*;
import java.util.concurrent.TimeUnit;
public class CertificateGenerator {
@ -798,8 +795,16 @@ public class CertificateGenerator {
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
X500Name issuerName = new X500Name(certCA.getSubjectDN().getName());
//Reversing the order of components of the subject DN due to Nginx not verifying the client certificate
//generated by Java using this subject DN.
//Ref: https://stackoverflow.com/questions/33769978 & engineering mail SCEP implementation for Android
String[] dnParts = certCA.getSubjectDN().getName().split(",");
StringJoiner joiner = new StringJoiner(",");
for (int i = (dnParts.length - 1); i >= 0; i--) {
joiner.add(dnParts[i]);
}
String subjectDn = joiner.toString();
X500Name issuerName = new X500Name(subjectDn);
String commonName = certificationRequest.getSubject().getRDNs(BCStyle.CN)[0].getFirst()
.getValue().toString();
X500Name subjectName = new X500Name("O=" + commonName + "O=AndroidDevice,CN=" +

Loading…
Cancel
Save